What is it about?

The Digital Operations Resilience Act (DORA) is a European regulation (Regulation (EU) 2022/2554) that sets new requirements for IT security in the financial sector. The aim is to strengthen the digital resilience of the companies concerned and thus increase the overall security of the financial sector. DORA covers various areas, including ICT risk management, notification and reporting obligations in the event of ICT-related incidents, the obligation to establish and further develop a digital operational resilience audit programme, regulations on the management of risk by ICT third-party service providers and concretisation of requirements for outsourcing contracts, especially in the area of cloud.

Current status and timeline

The Digital Operations Resilience Act (DORA) came into force on 17 January 2023 and will be applicable from 17 January 2025 after an implementation period.

Who is affected?

The Digital Operations Resilience Act (DORA) affects financial companies such as credit institutions, financial service providers, payment institutions, crypto service providers, FinTechs and so-called "critical ICT third-party providers" such as cloud providers.

What are the challenges?

Companies need to revise their IT security processes and adapt their outsourcing contracts where necessary, especially in the area of cloud. They also need to develop effective strategies to manage the risk from third-party ICT service providers and comply with notification and reporting obligations for ICT-related incidents.

Our legal services in the context of the Digital Operations Resilience Act (DORA)

SKW Schwarz is there to help you overcome these challenges:

  • Risk management and compliance consulting: We help you bring your IT security processes up to date and establish effective ICT risk management.
  • Advice on reporting requirements: We guide you through the new reporting requirements and help you establish processes for accurate reporting.
  • Developing resilience testing programmes: We support you in implementing digital operational resilience testing programmes.
  • Management of ICT third-party risks and advice on IT security incidents: We advise you on risk management when outsourcing ICT services as well as after the realisation of a risk or an incident and the communication with the authorities and other parties involved and affected.
  • Contractual advice: We help you to review and adapt your outsourcing contracts, especially in the area of cloud and SaaS, to be DORA-compliant.

With our in-depth understanding of IT law and our experience in advising companies in this area, SKW Schwarz is your ideal partner to meet the challenges of DORA. Contact us today to find out how we can support you.

Our 3 DORA Experts

Jens  Borchardt

Jens Borchardt


Dr. Christoph  Krück

Dr. Christoph Krück


Benjamin  Spies

Benjamin Spies